
Friday, May 15, 2015

Security Management Weekly - May 15, 2015



May 15, 2015
Corporate Security
  1. "Amtrak Passenger Deaths Are Rare Despite Concerns Over Infrastructure"
  2. "The Millennial Security Risk"
  3. "Security at Muhammad Cartoon Event Is Defended by Police"
  4. "FBI Alleges Former PPG Employee Gave Trade Secrets to Chinese Firm"
  5. "Cybersecurity, Fraud Top of Mind for Bank Execs: Report"

Homeland Security
  1. "Amtrak Crash Might Have Been Avoided by Tweak to Signal System"
  2. "U.S. Gambit Risks Conflict With China"
  3. "Weeks After Deadly Nepal Quake, Another Temblor Revives Fears"
  4. "Russia Tests Distant Waters, Resurfacing Cold War Fears"
  5. "Saudi Arabia Says King Won't Attend Meetings in U.S."

Cyber Security
  1. "House Votes to End NSA's Bulk Phone Data Collection"
  2. "Cybercrime Will Cost Businesses $2 Trillion by 2019"
  3. "U.S. Concerned China Behind Cyberattack on U.S. Sites"
  4. "Why Smart Cities Need to Get Wise to Security – and Fast"
  5. "N.Y. Banking Regulator to Issue Cyber Security Rules"




Amtrak Passenger Deaths Are Rare Despite Concerns Over Infrastructure
USA Today (05/14/15) Jansen, Bart; Frank, Thomas

Despite concerns about Amtrak's busy Northeast Corridor between Washington, D.C., and New York, passenger deaths and train derailments remain extremely rare, according to federal records and reports. There have been 158 Amtrak passenger deaths since 1975, Federal Railroad Administration records show, many caused by passengers falling or jumping off trains. Most Amtrak-related deaths involve trespassers struck by trains, sometimes in suicides, rather than from derailments such as Tuesday's crash in Philadelphia. The latest incident, in which seven passengers were killed, is bringing attention to the aging infrastructure of the busiest U.S. rail corridor. At a Senate hearing last week, federal Northeast Corridor advisory commission Chairman James Redeker said the corridor's infrastructure is "deteriorating and reaching the practical limits of its capacity to carry additional passengers." A main safety recommendation by the National Transportation Safety Board is for trains to have automatic braking, known as positive train control, for a train traveling too fast along a section of track. The cost of upgrades, however, has prevented the adoption of positive train control.

The Millennial Security Risk
eSecurity Planet (05/13/15) All, Ann

The United States workforce is statistically dominated by young people ages 22 to 31, according to the U.S. Bureau of Labor Statistics. This may sound like good news, but it could spell trouble for your company's data. A report from Absolute Software found that millennial employees are significantly more likely to put corporate data at risk in comparison to their elder counterparts. The biggest issue is that millennial respondents consistently failed to recognize activities that create risk, such as modifying default settings. The fact that millennials have grown up in the digital age is one reason why they seem to treat security so lackadaisically. To solve this issue, you need to install a security policy that clamps down on stragglers. It is important to make the ramifications for poor judgment visible so that younger employees know that there are consequences for failing to act correctly. The policy must be available to view, and employees must be trained on the proper actions to take in order to avoid mistakes. Most importantly, a company must maintain control over devices. If employees, especially millennials, have the ability to access and transport sensitive data (even if they're doing it unaware), it could spell major trouble for the company as a whole.

Security at Muhammad Cartoon Event Is Defended by Police
New York Times (05/12/15) P. A16 Fernandez, Manny

Police officials in Garland, Tex., are defending the way they handled security at the May 3 event where two gunmen opened fire. The incident has led to questions about whether federal authorities had warned local officials that one of the gunmen posed a threat. “No information was missed or ignored,” the Garland police chief, Mitch Bates, told reporters. “The identities of the two suspects were not known to us until many hours after the shooting occurred.” FBI Director James B. Comey told reporters on Thursday that the agency sent a bulletin to the Garland police hours before the attack, warning them that one of the gunmen, Elton Simpson, may appear at the event. Bates has denied that the information in that bulletin would have prevented the shooting, saying that it was sent to members of a federal Dallas-area joint terrorism task force that included a Garland police detective.

FBI Alleges Former PPG Employee Gave Trade Secrets to Chinese Firm
Associated Press (05/08/15)

Thomas Rukavina, a retired PPG Industries Inc. employee, stole trade secrets worth "hundreds of millions of dollars" for plastic windows used on aircraft and high-speed trains and shared some of the information with a Chinese firm, the Federal Bureau of Investigation said. Rukavina retired from coatings-and-paint manufacturer PPG in July 2012 and had been in contact with J.T.M.G. Co. of Jiangsu, China since March 2013, according to emails in the criminal complaint. The Chinese company makes glass for automotive and other specialty purposes and has not been criminally charged. The company asked Rukavina if he had signed a confidential agreement with PPG, and he responded, "When you join and when you leave PPG you are forced to sign these documents. (If) you followed these documents as written you could never work again." He claims he had not agreed to leave PPG and was "forced out."

Cybersecurity, Fraud Top of Mind for Bank Execs: Report
Bank Technology News (05/12/15) Wilhelm, Colin

A survey of 450 financial firms by Accenture reveals that close to 90 percent plan to boost their risk management spending tied to cybersecurity and fraud detection and prevention. As part of the study, Accenture polled 150 bank executives, 65 percent of whom view cybersecurity as the risk most likely to increase in severity during the next two years. Of these executives, 62 percent cited credit risk and 61 percent cited fraud and financial crime as other risks expected to become more severe in the coming years.

Amtrak Crash Might Have Been Avoided by Tweak to Signal System
Wall Street Journal (05/15/15) Mann, Ted

Federal investigators say that the derailment of an Amtrak passenger train in Philadelphia this week that killed eight passengers and left more than 200 injured could have been prevented by the new positive train control safety system that Amtrak is in the process of installing on its tracks. However, safety experts and officials from other railroads say that the crash could have also been prevented by Amtrak's existing safety system, automatic train control, which has been used for decades and was installed on the southbound tracks near the northbound tracks where the derailment occurred. Amtrak officials say that the automatic train control system was not installed on the northbound tracks because they were considered to be less of a derailment risk. Federal investigators are still trying to uncover what caused the derailment. The train steadily accelerated for more than a minute before the crash, until it was going more than twice the speed limit of the curve in the tracks where it derailed. The electric locomotive hauling the train is one of a new fleet of such locomotives deployed by Amtrak starting last year, and investigators say the "mechanicals of the locomotive" are one of the areas they are examining.

U.S. Gambit Risks Conflict With China
Wall Street Journal (05/14/15) Browne, Andrew

The United States is considering limited military action to pressure China into ceasing its reclamation works in the South China Sea. The U.S. government may send warplanes and naval vessels near artificial islands that China is building, but the action could draw America further into the territorial disputes between China and its neighbors. If the move fails and China persists, the United States will have to choose whether to back down and damage its credibility, or escalate and risk open conflict with China. The Chinese government already has suggested that such a plan would go too far, but it also has indicated that it does not want confrontation. There is little chance that China will cease its efforts to increase its scant territory in the Spratly Islands. The nation's military strategy in the region has been based on developing the technology and weapons to raise the potential costs of the United States intervening in any crisis. By pressuring China, the United States also may be pressuring regional allies into reluctantly choosing between the two powers.

Weeks After Deadly Nepal Quake, Another Temblor Revives Fears
New York Times (05/13/15) Barry, Ellen

Nepal was struck by another powerful earthquake on Tuesday, barely three weeks after a devastating 7.8 magnitude quake that flattened buildings and killed more than 8,000 people. Large aftershocks are not uncommon following a major quake, but the 7.3 magnitude temblor that struck Tuesday was more powerful than expected. Already damaged structures collapsed in many cities and landslides blocked several recently cleared roads. By early Wednesday, Nepal's National Emergency Operation Center was reporting 65 deaths and nearly 2,000 injuries from Tuesday's quake, even as the death toll from the April quake continues to rise. The effects of Tuesday's quake were also felt across Nepal's borders. Chinese media reported one fatality and two injuries as a result of a landslide in Tibet triggered by the quake, while Indian officials are reporting eight fatalities in the state of Bihar, which borders Nepal. Witnesses in Nepal describe people fleeing from buildings they only recently re-occupied, and many office workers refused to return to work following the quake, fearing more collapses. An American structural engineer surveying buildings in the city of Bhaktapur said a third of the buildings he surveyed would likely have to be demolished.

Russia Tests Distant Waters, Resurfacing Cold War Fears
New York Times (05/11/15) Castle, Stephen

As Russia assumes a more militaristic stance, confrontations between its military and others in the region have increased. In November, the European Leadership Network detailed some 40 incidents involving confrontations between the Russian and Western militaries that occurred in the preceding eight months, and there have been several incidents since then. In December, the Norwegian military said one of its warplanes nearly collided with a Russian fighter, and in the last several months Britain has scrambled fighters to escort Russian bombers out of British airspace. There have also been an increasing number of incidents involving unidentified submarines thought to be Russian in origin. Last month a fishing vessel called the Karen was dragged and nearly capsized after its nets were caught by a submerged submarine in the Irish Sea. That event occurred at the same time as a NATO exercise off the British coast, during which British forces were distracted by a Russian destroyer and a pair of support ships that appeared in the English Channel. Malcolm Chalmers, research director of the Royal United Services Institute, says Russian subs are being deployed further from Russia than they were five years ago. He says that the incidents with Western militaries are efforts by Russia to "assess the response of potential opponents and their own capability for gaming potential opponents."

Saudi Arabia Says King Won't Attend Meetings in U.S.
New York Times (05/11/15) P. A1 Cooper, Helene

Saudi Arabia's new monarch, King Salman, will not attend meetings at the White House with President Obama or this week's summit gathering at Camp David, the nation announced on Sunday. This decision is a display of Saudi Arabia's displeasure with how the United States has been handling relations with Iran. Instead of coming himself, the king plans to send Crown Prince Mohammed bin Nayef, the Saudi interior minister, and Deputy Crown Prince Mohammed bin Salman, the defense minister. Obama administration officials say that, when Secretary of State John Kerry met in Paris with his counterparts from the Arab nations invited to the summit meeting, the Arab officials had pressed for a defense treaty with the United States, in which the United States pledged to defend them in case of external attack. Such a treaty, however, must be ratified by Congress, and an administration official said that Obama is prepared to offer a less-binding presidential statement instead. Experts say that the Arab nations are also upset about recent comments from Obama that allies like Saudi Arabia should be worried about internal threats, such as alienated populations and destructive ideology. Arab allies also want to buy more weapons from the United States, but there are restrictions on the types of weapons that U.S. defense firms can sell to Arab nations, in an effort to maintain Israel's military advantage.

House Votes to End NSA's Bulk Phone Data Collection
New York Times (05/14/15) P. A11 Steinhauer, Jennifer

The House on Wednesday voted 338 to 88 in favor of a bill that would end the federal government's bulk collection of phone records. The bipartisan bill would alter the Patriot Act to prohibit bulk collection by the National Security Agency (NSA) of metadata charting Americans' telephone calls. The House version of the bill does not allow the government to collect the data, but does allow it to access the information, which would be in the hands of the private sector, such as telecommunications companies. Spy agencies or the FBI could request relevant data with the approval of the Foreign Intelligence Surveillance Court. The vote puts pressure on Sen. Mitch McConnell (R-Ky.), the Senate majority leader, who wants the NSA collection of data to continue. Congress must reach some kind of compromise before June 1, when the provision of the Patriot Act that permits the NSA dragnet expires. The debate over the issue also has been complicated by a federal appeals court ruling last week that found the NSA's bulk collection of phone records illegal.

Cybercrime Will Cost Businesses $2 Trillion by 2019
Security Magazine (05/15)

The rapid digitization of consumers' lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019. The number is almost four times the estimated cost of breaches in 2015, according to Juniper Research. The research, "The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation," found that the majority of these breaches will come from existing network infrastructure. Although new threats targeting the IoT and mobile devices are increasing, the number is minimal in comparison to more traditional computing devices. Report author James Moar said "we aren't seeing much dangerous mobile or IoT malware because it's not profitable." Research also showed that the average cost of a data breach in 2020 will exceed $150 million, as more business infrastructure gets connected.

U.S. Concerned China Behind Cyberattack on U.S. Sites
Associated Press (05/11/15) Pennington, Matthew

The United States is concerned over a report that China manipulated international Internet traffic intended for a major Chinese Web service company and used it for a cyberattack on U.S. sites. State Department spokesman Jeff Rathke's comments follow complaints from anti-online censorship group Greatfire that Chinese authorities carried out denial-of-service attacks that shut down Github, a U.S.-based computer code sharing site that hosts some of Greatfire's data. Greatfire produces mirror websites that allow Chinese users to see information normally blocked by government censors. The United States has asked Chinese authorities to investigate and provide the findings, said Rathke. Greatfire alleged that Chinese authorities carried out the attacks by installing malicious code on the computers of users visiting the Chinese search engine Baidu and related sites and used those computers to overwhelm Github and Greatfire websites with service requests.

Why Smart Cities Need to Get Wise to Security – and Fast
The Guardian (United States) (05/13/15) Kobie, Nicole

“Smart” technology for cities that interconnects features such as utility meters and public transport could provide invaluable data, but security experts warn that they could be even more vulnerable to hackers than current technology. Cesar Cerrudo, chief technology officer at security research firm IOActive Labs, warns that city authorities often do not test the security of the systems they purchase from technology firms. He noted that many firms selling smart systems do not build in effective security, such as encryption, which could allow anyone to capture data sent over the air and compromise security. The 200,000 traffic control sensors installed around the world, for example, could be vulnerable to attack. When purchasing their solutions, governments should not only look for the most desirable features, but also take the time to understand security systems and make sure they work. Cerrudo recommends that every city have a Computer Emergency Response Team to handle attacks or vulnerabilities.

N.Y. Banking Regulator to Issue Cyber Security Rules
Reuters (05/12/15)

Benjamin Lawsky, New York's financial services regulator, says he hopes to propose new cyber security regulations for banks and insurance companies by the end of the year. Lawsky, superintendent of the New York Department of Financial Services, says the regulations would aim to plug security gaps that could make financial institutions more vulnerable to hacking. "The one thing we find to be an existential threat right now is whether our financial institutions and systems are adequately protected when it comes to cyber security," he says. The planned regulations would follow a report issued by the department in April, which revealed that one-third of the 40 banks it surveyed did not require outside vendors to notify them of breaches, which could compromise bank data. One regulation may require banks to get warranties from their vendors about what cyber security protections they have in place. A second regulation could require banks to adopt a multi-step process for allowing employees, and possibly customers, to log into their systems in order to make sure they are authorized users, Lawsky says.

Abstracts Copyright © 2015 Information, Inc. Bethesda, MD
